From: Mark Wielaard Date: Fri, 8 Jun 2018 00:11:44 +0000 (+0200) Subject: libdw: Return an error in dwarf_getlocation_attr for missing .debug_addr. X-Git-Tag: elfutils-0.172~11 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=c5fdb8e5e0be9a507766a58f3c27c57703f369a9;p=platform%2Fupstream%2Felfutils.git libdw: Return an error in dwarf_getlocation_attr for missing .debug_addr. When constructing a "fake" Dwarf_Attribute for DW_OP_GNU_const_index, DW_OP_constx, DW_OP_GNU_addr_index or DW_OP_addrx, we would create a fake attribute pointing to the actual data in the .debug_addr section. We would even do that if there was no .debug_addr section assuming dwarf_formaddr or dwarf_formudata would generate an error. But when there is no .debug_addr there is also no fake_addr_cu, so the dwarf_form* functions cannot check the value is correct (and crash). Fix by returning an error early from dwarf_getlocation_attr indicating bad DWARF data. Found by the afl fuzzer running on the varlocs testcase. Signed-off-by: Mark Wielaard
---
diff --git a/libdw/ChangeLog b/libdw/ChangeLog
index 9d0b484..79fcf1e 100644
--- a/libdw/ChangeLog
+++ b/libdw/ChangeLog
@@ -1,3 +1,9 @@
+2018-06-08 Mark Wielaard
+
+ * dwarf_getlocation_attr.c (addr_valp): Set error and return NULL
+ when there is no .debug_addr section.
+ (dwarf_getlocation_attr): If addr_valp returns NULL, then return -1.
+
 2018-06-07 Mark Wielaard
 * libdw_findcu.c (__libdw_intern_next_unit): Report DWARF_E_VERSION,
diff --git a/libdw/dwarf_getlocation_attr.c b/libdw/dwarf_getlocation_attr.c
index 875fc5d..99bcc82 100644
--- a/libdw/dwarf_getlocation_attr.c
+++ b/libdw/dwarf_getlocation_attr.c
@@ -1,5 +1,5 @@
 /* Return DWARF attribute associated with a location expression op.
- Copyright (C) 2013, 2014, 2017 Red Hat, Inc.
+ Copyright (C) 2013, 2014, 2017, 2018 Red Hat, Inc.
 This file is part of elfutils.
 This file is free software; you can redistribute it and/or modify 
@@ -58,11 +58,13 @@ static unsigned char *
 addr_valp (Dwarf_CU *cu, Dwarf_Word index)
 {
 Elf_Data *debug_addr = cu->dbg->sectiondata[IDX_debug_addr];
- Dwarf_Word offset = __libdw_cu_addr_base (cu) + (index * cu->address_size);
 if (debug_addr == NULL)
- /* This is really an error, will trigger with dwarf_formaddr. */
- return (unsigned char *) (uintptr_t) offset;
+ {
+ __libdw_seterrno (DWARF_E_NO_DEBUG_ADDR);
+ return NULL;
+ }
+ Dwarf_Word offset = __libdw_cu_addr_base (cu) + (index * cu->address_size);
 return (unsigned char *) debug_addr->d_buf + offset;
 }
@@ -105,6 +107,8 @@ dwarf_getlocation_attr (Dwarf_Attribute *attr, const Dwarf_Op *op, Dwarf_Attribu
 else
 result->form = DW_FORM_data8;
 result->valp = addr_valp (attr->cu, op->number);
+ if (result->valp == NULL)
+ return -1;
 result->cu = attr->cu->dbg->fake_addr_cu;
 break;
@@ -113,6 +117,8 @@ dwarf_getlocation_attr (Dwarf_Attribute *attr, const Dwarf_Op *op, Dwarf_Attribu
 result->code = DW_AT_low_pc;
 result->form = DW_FORM_addr;
 result->valp = addr_valp (attr->cu, op->number);
+ if (result->valp == NULL)
+ return -1;
 result->cu = attr->cu->dbg->fake_addr_cu;
 break;
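Review bot: The relocated `Dwarf_Word offset = __libdw_cu_addr_base (cu) + (index * cu->address_size);` line is still followed by `return (unsigned char *) debug_addr->d_buf + offset;` with no comparison of `offset` against `debug_addr->d_size`, so for a corrupt operand `index` (or an addr_base beyond the section) `addr_valp` still hands the caller a pointer outside `.debug_addr`; this change only closes the missing-section case the fuzzer hit. Whether the dwarf_form* readers later reject such a `valp` through `fake_addr_cu` is not visible in this hunk, and even if they do, `index * cu->address_size` wraps for a large 64-bit `index` and can land back inside the section, while forming a pointer past the end of `d_buf` is already undefined behaviour before any later check runs. Bounding `index` against the remaining section size before multiplying avoids both problems and keeps the error local to this function, as sketched below; the right error code for a bad index is not visible here, so `DWARF_E_NO_DEBUG_ADDR` is kept as a placeholder, and `cu->address_size` is assumed non-zero (presumably guaranteed by the CU parser — confirm).
```c
  /* … unchanged: debug_addr lookup and DWARF_E_NO_DEBUG_ADDR early return … */
  Dwarf_Word base = __libdw_cu_addr_base (cu);
  /* Bound index before multiplying so a corrupt 64-bit index cannot wrap,
     and make sure a whole address-sized entry fits inside the section.  */
  if (base > debug_addr->d_size
      || index >= (debug_addr->d_size - base) / cu->address_size)
    {
      __libdw_seterrno (DWARF_E_NO_DEBUG_ADDR);	/* TODO: dedicated bad-DWARF code.  */
      return NULL;
    }
  return (unsigned char *) debug_addr->d_buf + base + index * cu->address_size;
```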
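Review bot: The added `if (result->valp == NULL) return -1;` in the DW_AT_low_pc case returns after `result->code` and `result->form` have already been assigned on the two lines above it and before `result->cu` is set, so on failure the caller is left with a half-populated out-parameter; that is acceptable if -1 means "result is unspecified", but nothing in the hunk states that contract. A one-line comment on the return would make it explicit: `/* addr_valp already set the error; *result is unspecified on -1.  */`. The same valp/NULL-check/fake_addr_cu sequence now appears verbatim in both DW_OP_*_index cases of this switch; a small static helper taking `attr->cu` and `op->number` and filling `result->valp` and `result->cu` would remove the duplication and give the error path a single home. dwarf_getlocation_attr begins and ends outside this hunk.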